Vaultwarden

Description / name	Input element
Container Registry	GitHub Container Registry
Container Configuration Root Path
Timezone	UTC
User ID
Group ID
Vaultwarden Host Port
Vaultwarden /config Path

Lightweight Bitwarden-compatible password manager server — self-host your passwords, secrets, and secure notes.

Port	80
Registry	ghcr.io/daemonless/vaultwarden
Daemonless	daemonless/vaultwarden
Source	dani-garcia/vaultwarden
Website	github.com/dani-garcia/vaultwarden

Version Tags

Tag	Description	Best For
latest	Upstream Binary. Built from official release.	Alternative build.
pkg	FreeBSD Quarterly. Uses stable, tested packages.	Most users. Matches Linux Docker behavior.
pkg-latest	FreeBSD Latest. Rolling package updates.	Newest FreeBSD packages.
Podman on FreeBSD currently requires root. All commands must be run as root (or via doas/sudo).

Before deploying, ensure your host environment is ready. See the Quick Start Guide for host setup instructions.

Deployment

Podman Compose AppJail Director Podman CLI Ansible

services:
  vaultwarden:
    image: ghcr.io/daemonless/vaultwarden:latest
    container_name: vaultwarden
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=UTC
      - SIGNUPS_ALLOWED=true
    volumes:
      - "/path/to/containers/vaultwarden:/config"
    ports:
      - 80:80
    restart: unless-stopped

Download compose.yaml

DIRECTOR_PROJECT=vaultwarden
PUID=1000
PGID=1000
TZ=UTC
SIGNUPS_ALLOWED=true

options:
  - virtualnet: ':<random> default'
  - nat:
services:
  vaultwarden:
    name: vaultwarden
    options:
      - container: 'boot args:--pull'
    oci:
      user: root
      environment:
        - PUID: !ENV '${PUID}'
        - PGID: !ENV '${PGID}'
        - TZ: !ENV '${TZ}'
        - SIGNUPS_ALLOWED: !ENV '${SIGNUPS_ALLOWED}'
    volumes:
      - VAULTWARDEN_CONFIG_PATH: /config
volumes:
  VAULTWARDEN_CONFIG_PATH:
    device: '/path/to/containers/vaultwarden'

ARG tag=latest

OPTION overwrite=force
OPTION from=ghcr.io/daemonless/vaultwarden:${tag}

Download Vaultwarden Appjail (.zip)

podman run -d --name vaultwarden \
  -p 80:80 \
  -e PUID=1000 \
  -e PGID=1000 \
  -e TZ=UTC \
  -e SIGNUPS_ALLOWED=true \
  -v /path/to/containers/vaultwarden:/config \
  ghcr.io/daemonless/vaultwarden:latest

Download run.sh

- name: Deploy vaultwarden
  containers.podman.podman_container:
    name: vaultwarden
    image: ghcr.io/daemonless/vaultwarden:latest
    state: started
    restart_policy: always
    env:
      PUID: "1000"
      PGID: "1000"
      TZ: "UTC"
      SIGNUPS_ALLOWED: "true"
    ports:
      - "80:80"
    volumes:
      - "/path/to/containers/vaultwarden:/config"

Download vaultwarden-deploy.yaml

Interactive Configuration

Parameters

Environment Variables

Variable	Default	Description
PUID	1000	User ID for the application process
PGID	1000	Group ID for the application process
TZ	UTC	Timezone for the container
SIGNUPS_ALLOWED	true	Enable/disable user registration (true/false)

Volumes

Path	Description
/config	Data directory (database, attachments, icons)

Ports

Port	Protocol	Description
80	TCP	Web UI

Implementation Details

• Architectures: amd64
• User: bsd (UID/GID set via PUID/PGID). Defaults to 1000:1000.
• Base: Built on ghcr.io/daemonless/base (FreeBSD 15.0).

---

Need help? Join our Discord community.